06-15-2010 04:28 AM - edited 03-11-2019 10:59 AM
Hello,
I have conencted my management interface on core with a different vlan from which inside interface is connected,My inside interface is in vlan 100 and management interface is in vlan 150,i m not able to ping my SVI interface of management on core from ASA (directly connected). The line protocol is down on ASA but the cable are connected and light are also glowing on core and also in ASA.
Solved! Go to Solution.
06-18-2010 06:43 PM
Are you running the firewall in multicontext mode?
If you are, have you done no shut for the m0/0 in the system context?
Otherwise, it may be best to contact the TAC to get further asisstance with troubleshooting the interface issue.
Regards,
06-15-2010 06:12 AM
Hi,
The management interface can be used just as any other Ethernet interface on the ASA.
The ''sh interface'' on the ASA shows the line protocol down? So, it shows up/down?
Can you check the cable and the status of the interface of the other device (which it connects directly to)?
Federico.
06-15-2010 07:44 AM
Hello Dear,
The light glows on the interface of core and firewall, but the config down and protocol is down.
06-15-2010 07:48 AM
Can you post a ''sh interface
Federico.
06-16-2010 12:13 PM
Hello,
Here is the below show output from ASA and core switch:
ASA-PRI# sh int ip brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 X>X>X>X YES CONFIG up up
GigabitEthernet0/1 X>X>X>X YES CONFIG up up
GigabitEthernet0/2 X>X>X>X YES CONFIG up up
GigabitEthernet0/3 X>X>>X>X YES unset down down
Internal-Control0/0 127.0.1.1 YES unset up up
Internal-Data0/0 unassigned YES unset up up
Management0/0 10.10.6.3 YES CONFIG down down
Virtual145 unassigned YES unset up up
CORE(config-if)#do sh ip int brief
Interface IP-Address OK? Method Status Protocol
Vlan6 10.10.6.6 YES NVRAM up up
GigabitEthernet2/1 unassigned YES unset up up
06-16-2010 08:45 PM
Can you please include what is configured on the asa interface Management 0/0, and also the configuration on the port, to which the ASA interface is connected to.
I belive you are saying the switch port is GigE 2/1 that is connected to management0/0
Regards,
06-16-2010 09:52 PM
Hello Edadios,
I belive you are saying the switch port is GigE 2/1 that is connected to management0/0
YES
I have configured on Core:
Core conf t# int gig0/6
Core conf if# sw mo acc
Core conf ift#sw acc vlan 6
int vlan 6
ip add 10.10.6.1 255.255.255.192
On ASA management interface:
interface Management0/0
nameif management
security-level 100
ip address 10.10.6.3 255.255.255.192 standby 10.10.6.4
management-only
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.240 standby 192.168.2.2
OOhhhhhh ! I think the same security level is not allowing the interface to come up and to speak to inside interface,My inside interface is connected to Core sw and also my management interface is connected to core sw but both in different vlan.
What i shld do on management interface to come up ????????
Thanks
06-16-2010 10:05 PM
Is it gig2/1 or gig0/6 that the management port of ASA is connected to on the switch?
Can you please physically check the port that management 0/0 is connected to on the switch, and then once you have confirmed that, please provide the configuration that is showing for that interface on the switch.
Regards,
06-17-2010 05:59 AM
Hello dear,
Its is gig 2/1 not the gig0/6, it is a typing mistake by me,the output i have provided to u in my previous mail it is correct.all connection are correct and perfect i m missing something in ASA,
I repeat once more the SVI on core interface up line protocol up and on the layer 2 port on core interface up and line protocol up (which is in vlan 6) but on firewall config down and protocol down.
Thanks
06-17-2010 02:15 PM
Hello Dears,
Can anybody help me for the above problem please.
06-17-2010 07:05 PM
Please unplug the cable you have connected on the ASA management 0/0.
Then please provide the output of the switch port 2/1 status.
06-18-2010 01:20 AM
From the switch
sh int vlan6
what does the above output show? You can try the following on the switch.
conf t
int vlan6
no shut
exit
ping 10.10.6.1 from the switch. Is vlan 6 created in the switch's database? "sh vlan id 6" on the switch show expected output?
On the firewall side what does "sh int m0/0" show?
You can try
conf t
int m0/0
no shut
Then try to ping10.10.6.3 from the firewall and see it it responds.
-KS
06-18-2010 02:23 AM
Hello Dear,
i have tried all these before and also with speed settings and duplex settings but no outcome,can u suggest me on something to do on firewall am i missing anything,
On core,
interface up protocol up
On ASA
config down protocol down.
this is the status
i have changed the cables but no result,the light glows but no connectivity
06-18-2010 08:46 AM
Something could be wrong with the management interface of the ASA (it has a working cable and it is enabled connected to a working device, and still shows down/down)
If you check the ARP table on the CORE do you see the MAC address of the management interface of the ASA?
This CORE switch and the ASA are directly connected correct? With what type of cable?
Federico.
06-18-2010 06:43 PM
Are you running the firewall in multicontext mode?
If you are, have you done no shut for the m0/0 in the system context?
Otherwise, it may be best to contact the TAC to get further asisstance with troubleshooting the interface issue.
Regards,
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: